Are You Ready to Comply with NIST 800-171?

October 19, 2017

By Ted Brown and John Piccininni

If you are a public or private sector company that supplies goods and services to the federal government, NIST 800-171 applies to you.

The BasicsThe National Institute of Standards and Technology (NIST) released Special Publication 800-171 pertaining to all Department of Defense (DoD) and federal contractors with access to controlled unclassified information (CUI). The publication encompasses the protection of sensitive federal information and (CUI) in non-federal information systems and organizations.

The deadline to comply, as stated by the Defense Federal Acquisition Regulation Supplement (DFARS), is December 31, 2017.

How Are You Affected?Compliance with NIST 800-171 is meant to standardize the way in which organizations access and protect CUI that resides in non-federal information systems. The federal government routinely shares information with state and local government, colleges and universities, and independent organizations, contractors and suppliers.

Essentially, any company or organization that contracts with the federal government and handles, processes, or stores government information considered to be CUI must comply with the security requirements outlined in the SP800-171 document. CUI can include financial, research, agricultural, and legal information, and more, which falls under security and control guidelines broken into families of controls, as follows:

Among other things, it means it’s imperative for all federal government business partners to adopt a method for two-factor authentication for users of IT networks, email servers, data centers, VPNs, and all IT resources that store CUI. Those organizations must control and monitor access to all related physical and information resources.

Identiv Can Help You ComplyWhile no single security product or company addresses all elements of the NIST requirement, Identiv’s authentication and physical security solutions can be part of and woven into a complete program that includes cyber security solutions, policies, and processes that contribute to full compliance.

For over 36 years, starting with Hirsch Electronics, Identiv has been providing the global standard of physical access control systems (PACS) for the U.S. federal government. In addition, our smart card readers and highly secure credentials meet the identity and authentication requirement of NIST 800-171. Our full portfolio of solutions can help you obtain NIST 800-171 compliance with converged access credentials that support industry standards for CAC, PIV, ISO 7816 1- 4, and Microsoft infrastructures.